Address Coverity warnings in keymgr.c

Coverity showed that the return value of `dst_key_gettime` was
unchecked in INITIALIZE_STATE. If DST_TIME_CREATED was not set we
would set the state to be initialized to a weird last changed time.

This would normally not happen because DST_TIME_CREATED is always
set. However, we would rather set the time to now (as the comment
also indicates) not match the creation time.

The comment on INITIALIZE_STATE also needs updating as we no
longer always initialize to HIDDEN.

diff --git a/CHANGES b/CHANGES
index acc0e6c29c052c19e5ef11b4a7135fb149f85923..44f01ad9b041487aafaf73d7308836cc1c2fe151 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+5386.  [cleanup]       Address Coverity warnings in keymgr.c [GL #1737]
+
+
 5385.  [func]          Make ISC rwlock implementation the default again.
                        [GL #1753]
 

diff --git a/lib/dns/keymgr.c b/lib/dns/keymgr.c
index 09ba4dc9c47acff6d53feaf985f2eeb26e17e650..5c5bba8e3ba1c73c139c21dfe456675ee331df35 100644 (file)
--- a/lib/dns/keymgr.c
+++ b/lib/dns/keymgr.c
@@ -40,17 +40,15 @@
        } while (0)
 
 /*
- * Set key state to HIDDEN and change last changed to now,
- * only if key state has not been set before.
+ * Set key state to `target` state and change last changed
+ * to `time`, only if key state has not been set before.
  */
-#define INITIALIZE_STATE(key, state, time, target)                            \
+#define INITIALIZE_STATE(key, state, timing, target, time)                    \
        do {                                                                  \
                dst_key_state_t s;                                            \
                if (dst_key_getstate((key), (state), &s) == ISC_R_NOTFOUND) { \
-                       isc_stdtime_t t;                                      \
-                       dst_key_gettime((key), DST_TIME_CREATED, &t);         \
-                       dst_key_setstate((key), (state), target);             \
-                       dst_key_settime((key), (time), t);                    \
+                       dst_key_setstate((key), (state), (target));           \
+                       dst_key_settime((key), (timing), time);               \
                }                                                             \
        } while (0)
 
@@ -1286,15 +1284,16 @@ keymgr_key_init(dns_dnsseckey_t *key, dns_kasp_t *kasp, isc_stdtime_t now) {
 
        /* Set key states for all keys that do not have them. */
        INITIALIZE_STATE(key->key, DST_KEY_DNSKEY, DST_TIME_DNSKEY,
-                        dnskey_state);
+                        dnskey_state, now);
        if (ksk) {
                INITIALIZE_STATE(key->key, DST_KEY_KRRSIG, DST_TIME_KRRSIG,
-                                dnskey_state);
-               INITIALIZE_STATE(key->key, DST_KEY_DS, DST_TIME_DS, ds_state);
+                                dnskey_state, now);
+               INITIALIZE_STATE(key->key, DST_KEY_DS, DST_TIME_DS, ds_state,
+                                now);
        }
        if (zsk) {
                INITIALIZE_STATE(key->key, DST_KEY_ZRRSIG, DST_TIME_ZRRSIG,
-                                zrrsig_state);
+                                zrrsig_state, now);
        }
 }